Vulmon
fields vulnerabilities and exploits
NA
CVE-2003-0215
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and previous versions allows remote malicious users to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
Battleaxe Software Bttlxeforum
1 EDB exploit
7.8
CVSSv3
CVE-2020-15301
SuiteCRM up to and including 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation.
Salesagility Suitecrm
7.5
CVSSv3
CVE-2022-36079
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Internal fields (keys used internally by Parse Server, prefixed by `_`) and protected fields (user defined) can be used as query constraints. Internal and protected fields are ...
Parseplatform Parse-server
8.2
CVSSv3
CVE-2022-31112
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from t...
Parseplatform Parse-server
NA
CVE-2024-29759
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS. This issue affects Calculated Fields Form: from n/a up to and including 1.2.54.
NA
CVE-2003-1212
MaxWebPortal 1.30 allows remote malicious users to perform unauthorized actions by modifying hidden form fields, such as the (1) news, (2) lock, or (3) allmem fields in the 'start new topic' HTML page.
NA
CVE-2004-0162
Multiple content security gateway and antivirus products allow remote malicious users to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.
Clearswift Mailsweeper 4.3.13
Clearswift Mailsweeper 4.3.14
F-secure Internet Gatekeeper 6.4
Paul L Daniels Ripmime 1.2.0
Paul L Daniels Ripmime 1.2.7
Paul L Daniels Ripmime 1.3.2.0
Clearswift Mailsweeper 4.3.15
Clearswift Mailsweeper 4.3.7
Paul L Daniels Ripmime 1.2.1
Paul L Daniels Ripmime 1.2.2
Paul L Daniels Ripmime 1.3.2.2
Paul L Daniels Ripmime 1.3.2.3
Clearswift Mailsweeper 4.3.10
Clearswift Mailsweeper 4.3.11
F-secure Internet Gatekeeper 6.31
F-secure Internet Gatekeeper 6.32
Paul L Daniels Ripmime 1.2.5
Paul L Daniels Ripmime 1.2.6
Clearswift Mailsweeper 4.3.8
F-secure Internet Gatekeeper 6.3
Paul L Daniels Ripmime 1.2.3
Paul L Daniels Ripmime 1.2.4
NA
CVE-2024-33274
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote malicious user to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php
5.4
CVSSv3
CVE-2023-25763
Jenkins Email Extension Plugin 2.93 and previous versions does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control affected fields.
Jenkins Email Extension
NA
CVE-2006-3550
Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote malicious users to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends."
F5 Firepass 4100 5.4.2